Traditional computing systems require the usage of specific network ports that are each responsible for communicating using a specific network protocol. In such systems, each network port supports one network protocol. In order for a client device to communicate with a destination device using a particular network protocol, the client device must specify the port of the destination device that corresponds to the particular network protocol. For example, if a client device wishes to communicate with a destination device using the hypertext transfer protocol (HTTP), the client device must specify the port of the destination device that is configured to support HTTP communication (typically port 80). If the client device specifies the wrong port, for example, port 11, which is most likely reserved for a network protocol other than HTTP, the destination device will be unable to respond and establish communications with the client device.
Network port assignments are also important in the field of network security. Networks may be vulnerable to attacks from botnets, which represent a collection of systems that operate to propagate malicious software. Examples of malicious software include worms and Trojan horses. Honeypots and sinkholes are traditionally utilized by networks to protect against malicious software attacks from botnets or an individual compromised computer system. A compromised computer system is a system that has been the victim of a Trojan horse, backdoor entry, or rootkit, and may also be used to launch malicious attacks on other systems within a network. A honeypot is a trap set to counteract unauthorized usage or access of a device. A sinkhole is a target where hostile traffic may be directed to within a network. Traditionally honeypots and sinkholes must be specifically associated with a network protocol in order to counteract malicious network traffic sent from botnets or compromised systems desiring to use a specific network protocol. For example, a dedicated honeypot or sinkhole is necessary for handling data requiring HTTP as the network protocol and a different dedicated honeypot or sinkhole is necessary for handling data requiring Telnet as the network protocol.
However, as is often the case with malicious network traffic, the specified destination port of the malicious network traffic is rarely the same as the actual port that is generally designated for that particular type of network service. For example, a connection request from a botnet using the IRC network protocol may be made to a destination port of a honeypot or a sinkhole typically reserved for HTTP. As a result, honeypots or sinkholes are unable to establish a communication with the compromised system and are thus unable to gather further data regarding the potential malicious network traffic. In these situations, protocol handler servers associated with the honeypots or sinkholes, each dedicated to a particular network protocol, are required in order to communicate with botnets and properly deflect or counteract malicious network traffic. Each protocol handler server is responsible for facilitating communication between a honeypot and sinkhole with a botnet system over a specific network protocol. When the specified destination port of the malicious network traffic is not the same as the actual port that is designated for the particular network service, protocol handler servers are unable to appropriately facilitate communication between the honeypot or sinkhole and botnet system.